package io.netty.handler.ssl;

import io.netty.handler.ssl.au;
import io.netty.internal.tcnative.SSLContext;
import io.netty.util.internal.PlatformDependent;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* compiled from: ReferenceCountedOpenSslServerContext.java */
/* loaded from: classes2.dex */
public final class av extends au {
    private static final io.netty.util.internal.logging.c j = io.netty.util.internal.logging.d.a((Class<?>) av.class);
    private static final byte[] k = {110, 101, 116, 116, 121};
    private final al l;
    private final ai m;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes2.dex */
    public static final class a extends au.a {
        private final X509ExtendedTrustManager ao;

        a(af afVar, X509ExtendedTrustManager x509ExtendedTrustManager) {
            super(afVar);
            this.ao = x509ExtendedTrustManager;
        }

        @Override // io.netty.handler.ssl.au.a
        void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.ao.checkClientTrusted(x509CertificateArr, str, referenceCountedOpenSslEngine);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes2.dex */
    public static final class b implements io.netty.internal.tcnative.d {
        private final af a;

        b(af afVar) {
            this.a = afVar;
        }

        @Override // io.netty.internal.tcnative.d
        public boolean a(long j, String str) {
            ReferenceCountedOpenSslEngine b = this.a.b(j);
            if (b != null) {
                return b.a(str);
            }
            av.j.warn("No ReferenceCountedOpenSslEngine found for SSL pointer: {}", Long.valueOf(j));
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes2.dex */
    public static final class c {
        al a;
        ai b;

        c() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ReferenceCountedOpenSslServerContext.java */
    /* loaded from: classes2.dex */
    public static final class d extends au.a {
        private final X509TrustManager ao;

        d(af afVar, X509TrustManager x509TrustManager) {
            super(afVar);
            this.ao = x509TrustManager;
        }

        @Override // io.netty.handler.ssl.au.a
        void a(ReferenceCountedOpenSslEngine referenceCountedOpenSslEngine, X509Certificate[] x509CertificateArr, String str) throws Exception {
            this.ao.checkClientTrusted(x509CertificateArr, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public av(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j2, long j3, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2) throws SSLException {
        this(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, a(applicationProtocolConfig), j2, j3, clientAuth, strArr, z, z2);
    }

    private av(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, aa aaVar, long j2, long j3, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2) throws SSLException {
        super(iterable, hVar, aaVar, j2, j3, 1, (Certificate[]) x509CertificateArr2, clientAuth, strArr, z, z2, true);
        try {
            c a2 = a(this, this.b, this.g, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory);
            this.l = a2.a;
            this.m = a2.b;
        } catch (Throwable th) {
            release();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static c a(au auVar, long j2, af afVar, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory) throws SSLException {
        c cVar = new c();
        synchronized (au.class) {
            try {
                SSLContext.setVerify(j2, 0, 10);
                if (z.m()) {
                    if (keyManagerFactory == null) {
                        keyManagerFactory = a(x509CertificateArr2, privateKey, str, keyManagerFactory);
                    }
                    X509KeyManager a2 = a(keyManagerFactory.getKeyManagers());
                    cVar.b = a(a2) ? new ag((X509ExtendedKeyManager) a2, str) : new ai(a2, str);
                } else {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException("KeyManagerFactory not supported");
                    }
                    io.netty.util.internal.q.a(x509CertificateArr2, "keyCertChain");
                    a(j2, x509CertificateArr2, privateKey, str);
                }
                try {
                    if (x509CertificateArr != null) {
                        trustManagerFactory = a(x509CertificateArr, trustManagerFactory);
                    } else if (trustManagerFactory == null) {
                        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                    }
                    X509TrustManager a3 = a(trustManagerFactory.getTrustManagers());
                    if (a(a3)) {
                        SSLContext.setCertVerifyCallback(j2, new a(afVar, (X509ExtendedTrustManager) a3));
                    } else {
                        SSLContext.setCertVerifyCallback(j2, new d(afVar, a3));
                    }
                    X509Certificate[] acceptedIssuers = a3.getAcceptedIssuers();
                    if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                        long j3 = 0;
                        try {
                            j3 = a(acceptedIssuers);
                            if (!SSLContext.setCACertificateBio(j2, j3)) {
                                throw new SSLException("unable to setup accepted issuers for trustmanager " + a3);
                            }
                        } finally {
                            a(j3);
                        }
                    }
                    if (PlatformDependent.d() >= 8) {
                        SSLContext.setSniHostnameMatcher(j2, new b(afVar));
                    }
                } catch (SSLException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new SSLException("unable to setup trustmanager", e2);
                }
            } catch (Exception e3) {
                throw new SSLException("failed to set certificate and key", e3);
            }
        }
        cVar.a = new al(auVar);
        cVar.a.a(k);
        return cVar;
    }

    @Override // io.netty.handler.ssl.au
    ai h() {
        return this.m;
    }

    @Override // io.netty.handler.ssl.au
    /* renamed from: i, reason: merged with bridge method [inline-methods] */
    public al f() {
        return this.l;
    }
}
